Re: [Ext] Re: IP Address Anonymization Feature in tcpdump

[Alberto Perez Bogantes via tcpdump-workers <tcpdump-workers () lists tcpdump org>]

> --- Begin Message ---
>
>
> From: Alberto Perez Bogantes <aperezbogantes () hawk iit edu>
>
> Date: Tue, 5 Nov 2024 19:25:38 +0100
>
> Thank you for watching the video; I hope it helped clarify the proposal.
>
> You are correct that a MAC address is a piece of personal information. One
> possible approach is to randomize MAC addresses, which is easier than
> pseudonymizing an IP address. Besides, following the convention used in
> cryptopANT (the library we use for address pseudonymization), we don't hide
> the MAC addresses (since cryptopANT is used in settings where layer 2
> headers are usually stripped out), but extending it to the Ethernet header
> is planned for future work.
>
> Regarding the intrusive nature of the changes and their extent beyond
> anonymization, we initially considered utilizing the existing print
> statements and applying anonymization just before the IP address was
> printed. However, we ran into a problem when the packet was dumped in
> hexadecimal or written to a pcap file, as the anonymization did not take
> effect because the print statements weren’t executed.  One solution we came
> up with is to program it so that when a packet is flagged for printing,
> anonymization is executed directly from the print flow. If the flags
> indicate that the packet is being dumped or written to another pcap, the
> "centralized version" of the preprocessing will be executed instead. We
> would like to know if there are any other methods to tackle this issue.
> As for the whitespaces, this code is a kind of proof of concept to assess
> whether this idea could fit within tcpdump. The commits, whitespaces, etc.,
> can be corrected to adhere to the best programming standards for tcpdump.
>
> Regards,
> Alberto.
>
> On Wed, Oct 16, 2024 at 10:28 PM Denis Ovsienko <denis () ovsienko info> wrote:
>
> > On Wed, 16 Oct 2024 19:55:41 +0100
> > Denis Ovsienko <denis () ovsienko info> wrote:
> >
> > > and Ethernet
> > > OUI is always 48 bit long
> >
> > 24 bits long, of course.  Half the MAC address is OUI, not the entire
> > address.  Which may or may not make the mapping easier to implement,
> > but that's not the point.
> >
> > --
> >     Denis Ovsienko
> > _______________________________________________
> > tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org
> > To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org
> > %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
>
> --- End Message ---
_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org
To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s